CVE-2025-10496

🗓️ 09 Oct 2025 02:09:53Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 9 Views

CVE-2025-10496: WordPress Cookie Notice plugin stores XSS via uuid parameter up to version 1.6.5, unauthenticated.

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2025-10496 Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting	9 Oct 202502:09	–	cvelist
EUVD	EUVD-2025-33266	9 Oct 202502:09	–	euvd
NVD	CVE-2025-10496	9 Oct 202502:15	–	nvd
Patchstack	WordPress Cookie Notice & Consent plugin <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting vulnerability	8 Oct 202522:25	–	patchstack
Positive Technologies	PT-2025-41328	9 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-10496	10 Oct 202502:32	–	redhatcve
Vulnrichment	CVE-2025-10496 Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting	9 Oct 202502:09	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 6, 2025 to October 12, 2025)	16 Oct 202516:22	–	wordfence

Vulners

Node

christophrado cookie_notice_&_consentRange≤1.6.5wordpress

[
  {
    "vendor": "christophrado",
    "product": "Cookie Notice & Consent",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.6.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/035097dd-8ebd-49b8-93ea-0f957594f130
plugins	www.plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-logger.php
plugins	www.plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-admin.php
plugins	www.plugins.trac.wordpress.org/browser/cookie-notice-consent/tags/1.6.5/includes/class-cnc-logger.php

15 Apr 2026 00:35Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.17.2

EPSS0.00225

SSVC

CWE-80